Based in Southern California, with five offices in Los Angeles, Orange, San Diego and San Bernardino counties, New Horizons Computer Learning Centers of Southern California was recently named Red Hat Training’s Ready Partner of the Year at the annual Red Hat Training Partner Conference in Las Vegas, NV. As part of the world’s largest independent IT training company, New Horizons Computer Learning Centers of Southern California is a learning solutions provider for the industry’s top vendors, and has been a Red Hat Training Partner since 2010. We recently caught up with New Horizons Computer Learning Centers of Southern California’s CEO, Kevin Landry, for his thoughts regarding the state of the training industry today and how it will change tomorrow.

Who are you training these days?
The market we’re in is a little bit unique. 70% of our business is considered B2B or enterprise business, companies like Disney, Southern California Edison, and Ingram Micro. Working with Red Hat over the past several years, we’ve continually seen this business double year after year. Developers in training is the largest growth area, but the greatest area of interest we’ve seen increase has been in the consumer market, where individuals fund their own training. I’d say 30% of the individuals that we train fall into this latter group, and are funding training on their own or have alternative government funding, such as VA benefits or unemployment benefits.

What are the most common reasons people are getting trained right now?
Skill shortage is the main reason that individuals are seeking training, and being that it’s more likely these days to see Linux or Red Hat in a job description, we’ve seen a lot of growth in consumers seeking Red Hat Certifications.


My name is Scott McBrien. I work for the Red Hat Training Curriculum Development Team and was the project leader for the development of the Red Hat Server Hardening (RH413) course. Before joining the Red Hat Training Curriculum Development Team, I worked as both a Red Hat training instructor and consultant. I hope that my field experiences show through in our new class.

When I first started thinking of writing a security focused class, I tried to think about what story would make a compelling course that I, and other systems administrators, would like to attend. One of the topics that I have seen grow to be pervasive in the systems administration community is Security Policy Compliance. Many of us have had the lovely experience of having someone from another team, or an outside consultant, come in to run some type of scanning software against our machine, and say “You’re not in compliance with SECURITY-STANDARD”. In my experience, the systems administrator is told to fix the deficiency without a lot of direction from the person telling them that there’s a problem, or worse, they are given instructions by someone who is not an expert on the technology, which fixes the audit deficiency, but down the line causes problems. A situation that I see over and over again is systems administrators being told to install non-supported software on their Red Hat Enterprise Linux machines because the version they have is “old” or “vulnerable”. In reality, Red Hat does a lot of work to publish updates to Red Hat Enterprise Linux (and other products) so that an administrator can use supported, packaged software from Red Hat and not have software open to known vulnerabilities. Red Hat’s update management and application of updates is the first topic in “Red Hat Server Hardening”.

I am pleased to announce our newest certification, Red Hat Certificate of Expertise in Server Hardening. This new Certificate of Expertise will take the place of the Red Hat Certificate of Expertise in Security: Network Services and Red Hat Certificate of Expertise in Directory Services and Authentication. Red Hat Certified Professionals working towards earning Red Hat Certified Security Specialist (RHCSS), Red Hat Certified Datacenter Specialist (RHCDS) or Red Hat Certified Architect are able to visit our Certification FAQ to learn more about how this new Certificate of Expertise fits into these programs. Why are we introducing this new credential and replacing long-standing ones with it?

Every year, Las Vegas plays host to DEF CON® Hacking Conference, which is routinely described as the world’s biggest hacker conference. Most people attend to learn about security exploits so that they can protect themselves and others. At last year’s conference, many speakers within the DEF CON community spoke about the importance of asking questions, engaging with others while at the conference and sharing knowledge.

One speaker, who is particularly well-established, likewise made such a statement. He then went on to say that in order to speak to him, there were requirements. He then proceeded to enumerate, accompanied by slides, the vast array of skills and knowledge one needed in order to be worthy to step into his presence. His rigorous list would be an excellent checklist for someone who wanted to have a heavy-duty, information assurance consulting practice. However, many of us must think about security and implement practices that address specific risk factors with appropriate levels of time, effort and money. It is not our role to contemplate the vast everythingness of everything. We need to ensure that we have taken appropriate steps on systems within our care. In short, we need focus within that deep, broad ocean called security.

Increasingly in today’s world, data centers are moving towards software-defined computing, networking, and storage. IT infrastructure that supports the application and data workloads is moving from bare metal servers to cloud. While the most obvious justification for this shift can be summarized as increased efficiency, capacity utilization, and flexibility (to scale up or down), there are less obvious fundamental economic and financial principles in play that contribute to overall business stability of the organizations and lines of business (LOB).

Cloud computing has changed the cost structure of IT infrastructure. Historically, IT infrastructure was considered a capital expenditure (CapEx) that requires large upfront investments, leading to higher fixed costs for the business. With the advent of cloud computing, primarily because of its pay-for-use billing model, IT expenditure shifted from a fixed operating cost structure to a variable operating cost (OpEx) model.

This shift not only decreases the need for larger cash flow requirements or, in lieu, higher liabilities on the balance sheet (akin to capitalization of lease expenses) for the CapEx; it also reduces the volatility in the operating income for the business.

Long an acquaintance and ally of government institutions, open source is no longer considered rocket science by the enterprise.

Companies find open source attractive because they’re not tied to one vendor, can make improvements in the system at any time and realize cost savings, all helping boost market penetration. And, of course, there’s the benefit of communities continuously improving the products.

In the outside world, governments are strong sponsors of this type of initiative, especially in Brazil, where the use of free and open source software is encouraged to make the market more democratic. And, of course, the market has become increasingly more open to open source. While there were once concerns about the reliability, security, and functionality, those fears are all gone. Red Hat has made it possible to combine the benefits of these technologies with the necessary support for mission-critical environments, developing platforms and the specific demands organizations face.

Introduction

The following article describes how to enforce authentication with SAML and authorization with XACML on a JAX-WS Web Service on JBoss Enterprise Application Platform with Picketlink. I combined several articles listed in the References section to make this one demonstration. The source code is on GitHub.

Note: Future updates will use the latest versions of EAP/Picketlink/Fuse and move the projects to Maven.

Server Project
Contains the Web Service to take the assertion out of the wsse, validate it, verify authorization and process the request. The files contained in the project are SAML2ServerHandler.java, WSTest.java, WSTestBean.java, jboss.xml, jbossxacml-config.xml, standard-jaxws-endpoint-config.xml, xacml-policy.xml, sts-config.properties, sts-roles.properties, sts-security-domain-jboss-beans.xml and sts-users.properties. All the XML is displayed to the console.
